Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2022:4321-5 Critical Security Updates for libxml2 Released

suse
Calendar Grey September 21, 2022
Dist Suse Esm H88
An essential CentOS release provides patches for five flaws in libxml2, boosting overall system integrity and resilience.
An update that fixes 6 vulnerabilities is now available

Summary

This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

Topics%20covered

Topics Covered

security advisory denial of service system update critical severity SUSE patches oniguruma

References

#1142847 #1150130 #1157805 #1164550 #1164569

#1177179

Cross- CVE-2019-13224 CVE-2019-16163 CVE-2019-19203

CVE-2019-19204 CVE-2019-19246 CVE-2020-26159

CVSS scores:

CVE-2019-13224 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-13224 (SUSE): 6.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVE-2019-16163 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-16163 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2019-19203 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-19203 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-19204 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-19204 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3327-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service system update critical severity SUSE patches oniguruma

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here